Path: csiph.com!usenet.pasdenom.info!aioe.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.012 X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'parameters': 0.04; 'computing,': 0.07; 'plug': 0.09; 'storage.': 0.09; 'subject:files': 0.09; 'subject:related': 0.09; 'tmp': 0.09; 'windows,': 0.09; 'runs': 0.10; 'subject:question': 0.10; 'cc:addr :python-list': 0.11; 'python': 0.11; 'assume': 0.14; 'windows': 0.15; 'left,': 0.16; 'preserves': 0.16; 'prohibit': 0.16; 'received:mac.com': 0.16; 'subject:security': 0.16; 'temp': 0.16; 'this)': 0.16; 'wrote:': 0.18; 'received:10.0.1': 0.19; 'later': 0.20; 'starts': 0.20; 'machine': 0.22; 'memory': 0.22; 'cloud': 0.22; 'cc:addr:python.org': 0.22; 'cc:2**1': 0.23; 'file.': 0.24; 'question': 0.24; 'cc:no real name:2**0': 0.24; 'this:': 0.26; 'host': 0.29; 'specifically': 0.29; 'leave': 0.29; 'am,': 0.29; 'possibility': 0.29; "doesn't": 0.30; '(maybe': 0.31; 'disable': 0.31; 'trace': 0.31; "user's": 0.31; 'file': 0.32; 'option': 0.32; 'run': 0.32; 'says': 0.33; 'up.': 0.33; 'becomes': 0.33; "can't": 0.35; 'computing': 0.35; 'but': 0.35; 'data,': 0.36; 'disk': 0.36; 'doing': 0.36; 'thanks': 0.36; 'received:10.0': 0.36; 'should': 0.36; 'application': 0.37; 'level': 0.37; 'received:10': 0.37; 'being': 0.38; 'remote': 0.38; 'received:17': 0.38; 'richard': 0.38; 'files': 0.38; 'fact': 0.38; 'pm,': 0.38; 'anything': 0.39; 'sure': 0.39; 'system.': 0.39; 'remove': 0.60; 'truly': 0.60; 'up,': 0.60; 'tell': 0.60; 'act': 0.63; 'information': 0.63; 'temporary': 0.65; 'flash': 0.69; 'risk': 0.72; 'jul': 0.74; 'goal': 0.75; '2014,': 0.84; '3.4': 0.84; 'accessed.': 0.84; 'around,': 0.84; 'drive.': 0.84; 'header:In-reply-to:1': 0.84; 'nagy': 0.84; 'to:addr:richard': 0.84; 'charset:windows-1250': 0.91; 'imagine': 0.93 MIME-version: 1.0 Content-type: text/plain; charset=windows-1250 Subject: Re: cx_freeze and temporary files - security related question From: William Ray Wing In-reply-to: <53cuv.255700$eG6.225581@fx29.iad> Date: Sun, 06 Jul 2014 15:04:12 -0400 Content-transfer-encoding: quoted-printable References: <53cuv.255700$eG6.225581@fx29.iad> To: Richard Damon X-Mailer: Apple Mail (2.1878.6) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.12.52,1.0.14,0.0.0000 definitions=2014-07-06_02:2014-07-04,2014-07-06,1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1407060259 Cc: python-list@python.org, "William R. Wing" X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 56 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1404673482 news.xs4all.nl 2971 [2001:888:2000:d::a6]:39649 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:74047 On Jul 6, 2014, at 9:21 AM, Richard Damon = wrote: > On 5/21/14, 12:42 PM, Nagy L=E1szl=F3 Zsolt wrote: >> I need to create an application for Windows 7 that runs from a flash >> drive. This program would be used to create remote backups of the >> pendrive. The pendrive contains sensitive data, so when I plug in the >> pendrive and run the program to make a backup, it should not leave = any >> trace of operation on the windows system. The information is so >> sensitive that I was forbidden to use cloud storage. I was also >> forbidden to make backups to a local drive, or leave any trace on the >> host windows system. >>=20 >> The question is this: if I create this program with Python 3.4 and >> cx_Freeze, then what should I expect. When the user starts the >> cx_freeze-d program from the flash drive, will it create temporary = files >> on the system drive? Will it leave log files or store any permanent = or >> temporary data on the system drive (maybe in the user's tmp folder) = that >> can later be used to tell what drive was mounted, with what = parameters >> the program was started etc. >>=20 >> Thanks >>=20 >=20 > I am not sure about what temp files python might leave around, but if = you are being ultimately paranoid about this, one risk that will be = present is the possibility of leaving traces of data in the swap file. = If the program doesn't specifically prohibit it, anything that is = brought into memory (and the act of reading the pendrive will do this) = might end up in the swap file. >=20 > I can't imagine python having a run time option to force it to disable = the swap file. >=20 > If the data is as sensitive as they seem to want to treat it, perhaps = you should follow the procedures of classified computing, which says = that any storage medium "exposed" to classified computing becomes = classified. This would say that you would use a dedicated machine to do = these backups, and after doing them, you remove the hard disk from the = machine and lock it up, only to be taken out for later backups. This = level of paranoia says you don't need to be as concerned about figuring = out what traces might be left, you assume they are and lock them up. > =97=20 Furthermore, I don=92t know about Windows, but on many UNIX-like OSs, = the file system preserves the time the file was last accessed. If the = goal is truly to leave no traces of the fact that the a group of files = was backed up, this pretty well would be a red flag that they had been. -Bill=